[php-maint] Bug#850158: Bug#850158: Use of uninitialized memory in unserialize()
Salvatore Bonaccorso
carnil at debian.org
Wed Jan 4 16:13:09 UTC 2017
Hi Ondřej
On Wed, Jan 04, 2017 at 03:24:22PM +0100, Ondřej Surý wrote:
> Hi,
>
> any web application that allows passing unsanitized data to
> unserialize() is doomed, so I don't really think that this requires
> immediate attention.
>
> This will get fixed in a normal security cycle with next PHP release (or
> I'll add the patch on top of next release).
Yes that sounds fine.
Regards,
Salvatore
More information about the pkg-php-maint
mailing list